What are JWT(Json Web Tokens)?

everything you need to know about JWT

What are JWT(Json Web Tokens)?

  • Pronounced as jot(JWT)
  • It is a means of transferring information between parties using JSON object.

It consist of three parts separated by dot(.)

  • Header.payload.signature
  • like xxxx.yyyy.zzzz

a typical JWT look like this :

jwt.png

Header contains two parts

  • type of token which is JWT.
  • hashing algorithm

Payload contain claims which can be reserved,public,private.

Signature for creating signature we take encoded header,encoded payload and sign that.

jwt1.png

How JWT works?

An example

  • when a user sends a post request to the server (like login), a JWT will be returned.
  • the server will check for a valid JWT .
  • if there is a valid JWT user will be allowed to access the protected page!

Why use JWT?

-small in size

  • more secured due to digital signature
  • easier to process. -stateless authentication (user is not saved in server memory)
  • reduces need to go back and forth to database for information

Common Use Cases :

  • Authentication
  • Authorization
  • Information exchange